Lessons learned
This is maybe the most important step, because this is how you create a good playbook that works for your company. It is also the part that gets skipped a lot. It doesn't have to be a long session; a quick brainstorm can be enough. But there does need to be time and support for this process.
Some points you can use to highlight the importance of a lessons-learned session:
For Management
Helps to identify issues at each step. By discussing what went wrong or what could be improved, the impact of a future incident can be greatly reduced.
Helps to identify roles that are missing or communication lines that need to be improved.
Can be used as a success story: every lessons-learned session leads to improvements that can be shared internally or externally.
Improvements will only be implemented if cybersecurity receives priority. This does not just help the company, but also employee morale. You do not want to go into an incident with the mindset that "it will be another drama".
For Coworkers
Can help with skill development. This is also a great moment to get a review from coworkers on how you did (I know, scary, and not everyone wants this). Giving and receiving feedback can be a good way to grow and to give kudos.
Helps to remove friction. Maybe the roles aren't defined well, or maybe the communication isn't flowing in the right direction. Now is the time to clear up misunderstandings.
It highlights issues most employees have probably already identified. Examples are: "this doesn't receive priority from management", "we are already swamped", "we don't have the budget for this", "this shouldn't be our responsibility". If your organization suffers from similar issues that don't get the attention they need, a lessons-learned session is a good moment to approach the C-level about bottlenecks.
This is also a good moment to review how the HR side of things went. Did overtime get approved? Was there time to wind down after the incident? Are there skills missing in the team that are needed to deal with an incident?